Activity Stream
48,167 MEMBERS
6888 ONLINE
besthostingforums On YouTube Subscribe to our Newsletter besthostingforums On Twitter besthostingforums On Facebook besthostingforums On facebook groups

Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1.     
    #1
    Member
    Website's:
    Elite.SO Defendos.com Motionite.com

    Default Block most DDoS using htaccess file!

    Hey, I found this on the net and wanted to share this with you all:

    Lately, it seems DDOS attacks have become a more popular way for a tech savvy customer or competitor to attempt a bit of revenge. I?ve consulted on several emergency projects within the past month in which a client?s server ? web sites creating sales of over $100,000 per day ? were brought down for hours or days due to a DDOS attacks that are easily mitigated with the proper techniques.
    Distributed denial of service or ?DDOS? attacks are quite common. Larger companies with hefty CPUs and server bandwidth often notice it only as a spike in hits. Small businesses notice it when their site goes offline, email stop coming in, and revenue comes to a screeching halt!
    Here are some of the basic Linux security tools & techniques I use to help clients bring their servers back online.
    An effective .htaccess file is the fastest and most direct approach to mitigating DDOS attacks. It is important to browse to your server after editing your .htaccess file as any mistake in syntax can cause a 500 error for everyone attempting to access your site.
    Here is the template .htaccess file I use:

    Code: 
     
    # BEGIN .HTACCESS FILE
    # The following lines use the Apache mod rewrite module to redirect certain web queries to where you want them to go. This is an effective security tool as well as great for the user experience in many cases. If you are using lighthttpd or are not using mod_rewrite with Apache the below "rewrite" lines do nothing.
     
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
     
    # Example Redirects
    # Redirect /this-is-the-shortcut http://yourdomainhere.com/whatever/long-URL/you-want-to-redirect-to/with-that-shortcut-goes-here
    # Redirect /myaccount http://yourdomainhere.com/memberaccounts/accountlogin.php
    # It is important for server performance to order your .htaccess "deny from" and "allow from" statements with deny first, then allow after all of the deny directives.
     
    order deny,allow
    # The following regional blacklists are from http://www.wizcrafts.net/russian-blocklist.html as of 1-14-2010
    # Nigerian/African 419 Scammers IP addresses follow:
    deny from 12.166.96.32/27 41.138.160.0/19 41.184.0.0/16 41.189.0.0/19 41.189.32.0/19 41.190.88.0/22 41.191.84.0/22 41.191.108.0/22 41.194.52.0/22 41.202.0.0/17 41.202.128.0/19 41.202.192.0/19 41.203.96.0/19 41.203.224.0/20 41.204.0.0/17 41.204.128.0/18 41.204.224.0/19 41.205.0.0/19 41.205.64.0/19 41.205.160.0/19 41.207.0.0/19 41.207.160.0/19 41.207.192.0/19 41.208.48.0/23 41.208.128.0/18 41.210.0.0/18 41.210.192.0/18 41.211.0.0/19 41.211.192.0/18 41.214.0.0/17 41.215.160.0/20 41.217.0.0/17 41.218.192.0/18 41.219.128.0/17 41.220.0.0/16 41.221.160.0/20 41.222.0.0/21 41.222.24.0/21 41.222.40.0/21 41.222.64.0/21 41.222.192.0/22 41.223.24.0/22 41.223.64.0/22 41.223.248.0/22 41.248.0.0/16 41.250.0.0/16 61.11.230.112/29 62.56.128.0/17 62.56.235.0/24 62.56.236.0/24 62.56.244.0/22 62.56.248.0/24 62.128.160.0/20 62.173.32.0/19 62.192.128.0/19 62.192.140.250 62.193.160.0/19 63.70.178.0/24 63.73.58.0/24 63.100.193.0/24 63.103.138.0/24 63.103.139.64/26 63.103.140.0/22 63.109.245.168/29 63.109.247.0/24 63.109.248.128/25 63.122.154.0/24 64.14.48.128/26 62.24.96.0/19 64.86.155.0/24 64.86.210.0/23 64.110.30.0/24 64.110.31.0/24 64.110.64.16/28 64.110.76.0/23 64.110.81.0/24 64.110.93.16/28 64.110.93.176/28 64.110.147.0/24 64.201.33.0/24 65.120.56.0/21 65.209.91.0/24 65.209.92.0/24 66.18.64.0/19 66.110.31.0/24 66.178.0.0/17 66.199.241.82 66.205.20.0/24
    deny from 77.70.128.0/24 77.70.129.0/26 77.70.137.0/25 77.70.138.0/23 77.73.184.0/21 77.220.0.0/20 78.138.2.0/24 78.138.3.200/29 78.138.3.208/28 78.138.3.224/28 78.138.8.8/29 78.138.32.32/27 78.138.33.144/29 80.78.16.168/29 80.78.16.176/28 80.78.16.192/28 80.78.17.0/24 80.78.18.88/29 80.78.18.96/27 80.78.18.128/29 80.78.19.16/29 80.78.19.104/29 80.78.19.112/28 80.78.23.16/28 80.87.64.0/19 80.88.128.0/20 80.88.129.0/24 80.88.130.0/24 80.88.131.0/24 80.88.132.0/26 80.88.132.64/27 80.88.132.104/29 80.88.132.128/26 80.88.132.192/27 80.88.132.224/28 80.88.132.240/29 80.88.133.0/25 80.88.134.0/26 80.88.134.64/29 80.88.135.0/24 80.88.136.0/24 80.88.137.0/24 80.88.138.0/25 80.88.138.128/26 80.88.138.192/27 80.88.139.0/25 80.88.139.128/26 80.88.139.192/27 80.88.139.224/28 80.88.140.0/24 80.88.141.0/25 80.88.141.128/27 80.88.142.0/24 80.88.143.128/24 80.88.144.0/23 80.88.146.0/24 80.88.147.0/24 80.88.148.0/24 80.88.149.0/25 80.88.149.128/26 80.88.149.192/28 80.88.150.0/24 80.88.151.0/24 80.88.152.0/24 80.88.153.0/24 80.88.154.32/27 80.88.154.72/29 80.88.154.80/29 80.88.154.96/28 80.88.155.0/25 80.88.155.128/27 80.88.155.160/29 80.89.176.0/24
    deny from 80.179.102.0/24 80.179.107.64/27 80.179.107.224/29 80.179.128.0/17 80.231.4.0/23 80.240.192.0/20 80.247.136.0/24 80.247.137.0/24 80.247.141.32/27 80.247.141.64/26 80.247.141.128/25 80.247.142.0/24 80.247.147.16/28 80.247.147.32/29 80.247.147.64/27 80.247.147.96/28 80.247.151.0/24 80.247.153.0/24 80.247.156.0/26 80.247.156.128/28 80.247.157.0/24 80.247.159.0/24 80.248.0.0/20 80.248.64.0/23 80.248.70.0/20 80.248.64.0/20 80.250.32.0/20 80.255.40.48/28 80.255.40.96/29 80.255.40.112/28 80.255.40.128/28 80.255.40.192/28 80.255.40.224/27 80.255.40.240/28 80.255.41.160/28 80.255.43.0/24 80.255.46.0/29 80.255.46.16/28 80.255.46.64/29 80.255.58.160/27 80.255.58.192/26 80.255.59.19 80.255.59.232/29 80.255.59.240/29 80.255.61.0/25 81.18.32.0/20 81.18.40.0/24 81.18.42.0/24 81.23.194.0/27 81.23.194.64/27 81.23.194.128/25 81.23.195.0/24 81.23.196.0/25 81.23.196.128/29 81.23.200.0/21 81.24.0.0/20 81.91.224.0/20 81.199.0.0/16 82.128.0.0/17 82.205.242.0/23 83.137.59.8/29 83.137.61.0/24 83.138.167.40/29 83.229.0.0/17 84.254.188.3 84.254.128.0/18
    deny from 155.239.0.0/16 192.116.64.0/18 192.116.128.0/18 192.116.152.0/21 192.118.71.0/24 193.93.96.0/22 193.95.0.0/17 193.110.2.0/23 193.189.0.0/18 193.189.64.0/23 193.189.128.0/24 193.194.64.0/19 193.219.192.0/18 193.220.0.0/16 193.220.26.0/24 193.220.30.0/26 193.220.30.64/27 193.220.31.0/26 193.220.31.64/27 193.220.45.0/25 193.220.47.0/25 193.220.77.0/26 193.220.187.0/26 193.220.187.128/27 195.8.22.0/24 195.10.109.192/26 195.24.192.0/19 195.44.168.0/21 195.44.176.0/21 195.137.13.0/24 195.137.14.0/24 195.166.224.0/19 195.214.240.0/21 195.219.176.0/24 195.225.62.0/23 195.245.108.0/23 196.0.0.0/16 196.1.176.0/20 196.3.60.0/22 196.3.180.0/22 196.20.0.0/19 196.29.96.0/19 196.29.216.0/21 196.29.224.0/20 196.44.96.0/19 196.45.192.0/18 196.46.240.0/21 196.128.0.0/10 196.192.0.0/12 196.208.0.0/14 196.212.0.0/14 196.220.0.0/19 198.54.0.0/16 204.16.124.0/22 204.118.170.0/24 206.113.97.0/24 208.70.0.0/21 208.78.56.0/21 209.88.163.0/24 209.101.84.0/24 209.159.160.0/20 209.198.240.0/23 209.198.242.16/28 209.198.242.96/29 209.198.242.104/30 209.198.242.108/31 209.198.242.128/27 209.198.246.240/28 212.49.64.0/19 212.52.128.0/19 212.60.64.0/19 212.85.192.0/19 212.96.0.0/19 212.100.64.0/19 212.165.128.0/17 212.165.132.64/27 212.165.135.0/24 212.165.140.16/29 212.165.140.64/26 212.165.140.128/25 212.165.141.0/24 212.165.147.0/26 212.165.147.128/26 212.165.183.0/24 212.199.108.0/24 212.199.251.0/24 212.247.93.0/24
    deny from 213.136.96.0/19 213.140.62.0/23 213.150.192.0/23 213.154.64.0/19 213.166.160.0/19 213.181.64.0/19 213.185.96.0/21 213.185.106.0/24 213.185.112.0/24 213.185.113.0/26 213.185.113.64/27 213.185.113.96/27 213.185.118.160/27 213.185.118.192/26 213.185.124.0/24 213.187.135.0/24 213.187.145.0/24 213.211.128.0/18 213.211.188.0/24 213.232.96.0/24 213.255.193.0/24 213.255.194.0/24 213.255.195.0/24 213.255.198.0/24 213.255.199.0/24 216.72.104.0/21 216.74.187.0/24 216.118.252.0/24 216.118.253.0/24 216.118.254.0/24 216.129.147.128/28 216.129.159.0/24 216.133.174.0/24 216.139.160.0/19 216.147.132.144/28 216.147.132.160/28 216.147.134.0/24 216.147.159.0/24 216.185.79.0/24 216.236.200.96/28 216.236.202.96/28 216.236.205.0/24 216.236.222.128/26 216.250.195.0/27 216.250.195.64/26 216.250.221.0/24 216.250.222.0/24 216.252.176.0/24 216.252.177.0/24 216.252.231.0/25 216.252.245.0/24 217.10.163.128/26 217.10.163.192/27 217.10.163.224/27 217.10.166.0/26 217.10.166.64/28 217.10.169.0/24 217.10.170.0/24 217.10.171.0/24 217.10.173.0/26 217.10.182.0/27 217.10.184.0/24 217.14.80.0/20 217.15.124.0/25 217.20.240.0/20 217.20.241.0/25 217.20.241.128/29 217.20.241.136/29 217.20.241.144/28 217.20.241.160/29 217.20.241.168/29 217.20.241.176/29 217.20.241.184/29 217.20.241.192/29 217.20.241.200/29 217.20.241.208/29 217.20.242.0/24 217.20.243.16/28 217.20.243.32/27 217.21.64.0/19 217.78.64.0/20 217.117.0.0/20 217.146.3.144/28 217.146.3.160/28 217.146.3.176/29 217.146.3.224/27 217.146.4.64/26 217.146.5.0/24 217.146.6.0/25 217.146.6.160/27 217.146.7.0/24 217.146.8.0/25 217.146.9.0/24 217.146.10.128/25 217.146.11.0/25 217.146.12.0/24 217.146.13.0/24 217.146.14.0/25 217.146.15.0/25 217.146.16.0/27 217.146.16.32/29 217.168.112.0/20 217.194.140.0/22 217.194.144.0/20 217.199.144.0/20 217.212.242.0/23
    # Pretoria Z.A. Used by some lottery scammers. Block these CIDRs if you get scammers from Pretoria, but no legit visitors!
    deny from 41.241.0.0/16 41.242.0.0/16 41.243.0.0/16 41.245.0.0/16 41.246.0.0/16
    # Johannesburg, Gauteng, South Africa
    deny from 41.26.0.0/16 41.28.0.0/16 41.112.0.0/12 165.146.0.0/18
    # Algeria
    deny from 41.200.0.0/15 193.194.64.0/19
    # Morocco
    deny from 41.140.0.0/14
    # Added Goldenlines.net.il (Israel) because of Open Proxies used by Nigerian scammers
    deny from 80.179.244.0/24
    # Amsterdam, The Netherlands - DSL-NAT Customers and web hosting clients - Lottery and 419 scammers
    deny from 62.59.36.0/22 62.59.40.0/21 62.59.48.0/22 79.170.90.0/24 82.93.0.0/16 82.168.0.0/14 85.92.141.0 87.249.104.0/23 194.60.207.0/24
    # Freenet in Germany (freenet.de); Used as spam relay by many Nigerian scammers, in March, 2008.
    # Choose one of the following CIDRs:
    # Narrow freenet.de CIDR, used by recent scammers:
    deny from 195.4.92.0/23
    # Full Freenet.de CIDR:
    deny from 195.4.0.0/16
    # ISPs in Spain, France and Italy, used by many expatriot Nigerian lottery and 419 scammers (Cableuropa, Ibercom, Ono.com, Telefonica)
    deny from 62.42.0.0/16 80.13.0.0/16 80.24.0.0/16 80.25.0.0/16 80.36.0.0/14 81.34.0.0/16 81.45.0.0/16 81.202.0.0/15 82.63.128.0/18 82.90.0.0/15 82.194.64.0/19 82.196.0.0/19 83.54.0.0/16 84.120.0.0/13 85.39.0.0/16 85.91.64.0/19 88.0.0.0/11 88.202.124.0/27 89.141.0.0/17 91.142.208.0/20 147.83.0.0/16 147.96.0.0/16 193.252.22.0/24 195.53.0.0/16 195.55.0.0/16 212.121.224.0/19 213.4.0.0/16 213.194.128.0/18 213.194.144.0/20
    # 193.252.22.0/24 = orange.fr, in Paris, France. Constant 419 scams coming from their email servers!
    # Costa Rica exceptions:
    allow from 196.40.0.0/18 196.40.64.0/19
    # 2009 Nigerian/African ISP additions/subtractions below:
    # Jan 23: Removed 80.255.59.0/24 and replaced it with 80.255.59.232/29 and 80.255.59.240/29 to finetune block to just Nigeria
    # Jan 26: Added 41.205.0.0/19 in Cameroon, used by Nigerian 419 scammers against a dating forum
    # Feb 1: Added 41.208.48.0/24 in South Africa, after repetitive 419 scams
    # Mar 8: Added 41.215.160.0/20 in Ghana for 419 scams
    # Mar 11: Added 78.138.32.32/27 ipmath.com and SkyVision, in Nigeria
    # Mar 26: Added 41.221.160.0/20 Swift Network in Nigeria
    # Mar 26: Expanded CIDR 41.208.48.0/24 to 41.208.48.0/23, after tracing 419 scam email
    # Mar 31: Added 41.202.192.0/19 in Cameroon, for 419 scamming
    # Apr 8: Added 147.96.0.0/16 in Spain, due to 419 lottery scams
    # Apr 11: Added 81.202.0.0/15 in Spain, for spamming
    # Apr 19: Added 196.212.0.0/14 is.co.za, in Johannesburg, South Africa, due to 419 scammers
    # May 1: Added 82.196.0.0/19 in France, due to 419 scams
    # May 2: Added 41.184.0.0/16 in Nigeria
    # May 12: Added 196.46.240.0/21 vmobile-nigeria.com, for scamming
    # May 18: Added 80.24.0.0/16 in Spain, for server exploit attacks
    # May 19: Added 82.90.0.0/15 in Italy, for spamming
    # May 23: Added 81.45.0.0/16 in Spain, for spamming
    # May 28: Added 41.190.88.0/22 in Ghana, for scamming
    # May 30: Added 41.191.108.0/22 Suburban Telecom in Abuja, Nigeria
    # May 31: Added 41.210.192.0/18 Angola, for scam emails
    # June 2: Added 83.54.0.0/16 in Spain, due to Nigerian 419 scammers operating in Spain
    # June 23: Added 82.63.128.0/18 Italy - Interbusiness.it, for spamming
    # June 25: Added 41.222.0.0/21 in Uganda (main blocklist)
    # July 2: Added 91.142.208.0/20 in Madrid, Spain, for spamming
    # July 9: Added 41.189.0.0/19 in Nigeria, for spamming forums
    # July 9: Added 41.205.64.0/19 in Cameroon, for spamming forums
    # July 10: Added 41.218.192.0/18 in Ghana, for spamming
    # July 13: Added 41.191.84.0/22 in Benin, for 419 scammers
    # July 19: Added 195.55.0.0/16 in Spain, due to Nigerian 419 scammers
    # July 22: Added 41.26.0.0/16 in Johannesburg, Gauteng, South Africa, due to 419 scammers
    # Aug 12: Added 78.138.8.8/29 in Nigeria
    # Sept 25: Added 41.194.52.0/22 Cobranet in Nigeria
    # Sept 26: Added 41.222.192.0/22 in Benin, due to 419 scammers
    # Sept 28: Added 65.120.57.51 Netcomng in Nigeria. Used by loan spam sender. CIDR added below on 12/25/2009
    # Oct 20: Added 79.170.90.0/24 to the Amsterdam, The Netherlands blocklist, due to 419 scammers
    # Oct 20: Added 78.138.3.200/29 78.138.3.208/28 78.138.3.224/28 in Nigeria, for the usual 419 scams
    # Oct 24: Added 194.60.207.0/24 - XL-IS, to the Netherlands blocklist, due to 419 scammers using it.
    # Nov 14: Added 78.138.33.144/29 - Ipmath in Abuja, Nigeria. This is leased from sky-vision.net satellite service
    # Nov 19: Added 41.28.0.0/16 - Vodacom - under the category: "Johannesburg, Gauteng, South Africa"
    # Nov 23: Added 41.138.160.0/19 - VisaFone Communications, in Lagos, Nigeria, for 419 scams
    # Dec 16: Added 212.52.128.0/19 - Burkina Faso Onatel - for 419 scams
    # Dec 25: Expanded a NetcomNG (Nigeria) CIDR to 65.120.56.0/21 due to numerous 419 scams from those IPs
    ##### 2010
    # Jan 5: 41.112.0.0/12 Johannesburg - lottery and 419 scammers
    # Jan 10: 41.140.0.0/14 Morocco (New group) - 419 scammers
    # End Nigerian/African blocklist
    ## BEGIN ASIAN BLACKLIST
    # Chinese IP addresses follow:
    deny from 58.17.0.0/16 58.20.0.0/16 58.21.0.0/16 58.22.0.0/15 58.37.0.0/16 58.38.0.0/16 58.56.0.0/15 58.58.0.0/16 58.59.0.0/17 58.60.0.0/14 58.82.0.0/15 58.208.0.0/12 58.246.0.0/15 58.248.0.0/13 59.32.0.0/13 59.40.0.0/15 59.42.0.0/16 59.52.0.0/14 59.56.0.0/13 59.108.0.0/15 60.0.0.0/13 60.12.0.0/16 60.28.0.0/15 60.160.0.0/11 60.194.0.0/15 60.208.0.0/13 60.216.0.0/15 60.220.28.0/22 61.4.64.0/20 61.48.0.0/13 61.128.0.0/10 61.135.0.0/16 61.145.73.208/28 61.160.0.0/16 61.162.0.0/15 61.164.0.0/16 61.179.0.0/16 61.183.0.0/16 61.184.0.0/16 61.185.219.232/29 61.188.0.0/16 61.191.0.0/16 61.232.0.0/14 61.236.0.0/15 110.96.0.0/11 111.0.0.0/10 112.0.0.0/10 112.64.0.0/14 113.0.0.0/13 114.104.0.0/14 114.216.0.0/13 114.224.0.0/11 115.24.0.0/15 115.48.0.0/12 115.100.0.0/15 116.1.0.0/16 116.2.0.0/15 116.4.0.0/14 116.8.0.0/14 116.76.0.0/15 116.208.0.0/14 117.21.0.0/16 117.80.0.0/12 118.112.0.0/13 118.132.0.0/14 118.144.0.0/14 119.0.0.0/13 119.8.0.0/15 119.10.0.0/17 119.18.192.0/20 119.120.0.0/13 119.128.0.0/12 119.144.0.0/14 119.164.0.0/14 120.0.0.0/12 121.0.16.0/20 121.8.0.0/13 121.16.0.0/12 121.32.0.0/14 121.76.0.0/15 121.204.0.0/14 122.51.128.0/17 122.64.0.0/11 122.198.0.0/16 122.200.64.0/18 122.230.0.0/16 123.4.0.0/14 123.52.0.0/14 123.97.128.0/17 123.100.0.0/19 123.112.0.0/12 123.128.0.0/13 123.232.0.0/14 124.42.64.0/18 124.64.0.0/15 124.114.0.0/15 124.128.0.0/13 124.163.0.0/16 124.200.0.0/13 124.236.0.0/14 124.248.0.0/17 125.40.0.0/13 125.80.0.0/13 125.88.0.0/13 125.115.0.0/16 159.226.0.0/16 202.66.0.0/16 202.96.0.0/12 202.96.128.0/18 202.108.0.0/16 202.111.160.0/19 202.114.64.0/20 203.69.0.0/16 203.93.0.0/16 203.169.160.0/19 210.5.0.0/19 210.14.128.0/19 210.21.0.0/16 210.51.0.0/16 210.52.0.0/15 210.192.96.0/19 211.76.96.0/20 211.78.208.0/20 211.90.0.0/15 211.136.0.0/13 211.144.12.0/22 211.144.160.0/20 211.147.208.0/20 211.152.14.0/24 211.154.128.0/19 211.155.24.0/22 211.157.32.0/19 211.160.0.0/13 211.233.70.0/24 218.0.0.0/11 218.56.0.0/13 218.64.0.0/11 218.96.0.0/14 218.102.0.0/16 218.104.0.0/14 218.194.80.0/20 218.240.0.0/13 219.128.0.0/11 219.232.0.0/19 219.154.0.0/15 220.160.0.0/11 220.181.0.0/16 220.192.0.0/12 220.228.70.0/24 220.248.0.0/14 220.250.0.0/19 220.252.0.0/16 221.0.0.0/12 221.122.0.0/15 221.176.0.0/13 221.192.0.0/14 221.200.0.0/14 221.208.0.0/14 221.212.0.0/16 221.214.0.0/15 221.216.0.0/13 221.224.0.0/13 221.228.0.0/14 221.238.0.0/15 222.32.0.0/11 222.64.0.0/12 222.80.0.0/12 222.132.0.0/14 222.136.0.0/13 222.166.0.0/16 222.168.0.0/13 222.172.222.0/24 222.176.0.0/13 222.184.0.0/13 222.241.0.0/19
    # Hong Kong
    deny from 58.65.232.0/21 59.148.0.0/15 123.242.229.0/24 202.69.64.0/19 202.85.128.0/19 202.133.8.0/21 210.176.0.0/19 210.176.48.0/20 210.176.64.0/18 210.176.128.0/17 210.177.0.0/16 218.103.0.0/16 218.252.0.0/14 219.76.0.0/14 222.166.0.0/16
    # India and Pakistan
    deny from 59.88.0.0/15 59.176.0.0/13 59.184.0.0/15 61.247.238.0/24 115.108.0.0/14 115.240.0.0/12 117.192.0.0/10 193.53.87.0/24 121.240.0.0/13 122.160.0.0/16 122.167.0.0/16 202.154.224.0/24 203.115.80.0/20 203.197.0.0/16 218.248.0.0/20
    # Japan (hacking, scraping, or spamming)
    deny from 59.146.0.0/15 118.13.128.0/17 118.86.0.0/15 122.208.0.0/12 123.216.0.0/13 150.70.84.41 210.248.0.0/13 218.225.179.0/24 219.94.128.0/17 219.96.0.0/11 221.121.160.0/20 222.144.0.0/13
    # Korea IP addresses follow:
    deny from 58.72.0.0/13 58.140.0.0/14 58.148.0.0/14 58.180.40.0/21 58.224.0.0/12 59.0.0.0/11 59.86.192.0/18 59.186.0.0/15 61.72.0.0/14 61.76.0.0/15 61.96.0.0/12 61.110.16.0/20 61.248.0.0/13 110.8.0.0/12 110.45.0.0/16 113.30.64.0/18 114.108.128.0/18 115.0.0.0/12 115.16.0.0/13 115.40.0.0/15 115.88.0.0/13 116.40.0.0/16 116.45.176.0/20 116.93.192.0/19 116.120.0.0/13 117.110.0.0/15 118.32.0.0/11 118.128.0.0/14 118.220.16.0/20 121.128.0.0/10 121.254.0.0/16 122.44.112.0/20 122.99.128.0/17 123.111.0.0/16 123.140.0.0/14 124.0.0.0/15 124.50.87.161 125.128.0.0/11 125.176.0.0/12 125.240.0.0/13 125.248.0.0/14 143.248.0.0/16 168.188.0.0/16 202.30.0.0/15 202.133.16.0/20 202.179.176.0/21 203.226.0.0/15 203.228.0.0/14 210.93.0.0/16 210.94.0.0/15 210.112.0.0/16 210.117.128.0/18 210.118.216.192/26 210.124.0.0/14 210.178.0.0/15 210.180.0.0/15 210.204.0.0/15 210.219.0.0/16 210.220.0.0/14 211.32.0.0/12 211.48.0.0/15 211.50.0.0/15 211.62.35.0/24 211.104.0.0/13 211.112.0.0/13 211.168.0.0/13 211.176.0.0/12 211.192.0.0/13 211.202.0.0/16 211.211.36.0/23 211.216.0.0/13 211.224.0.0/13 211.232.0.0/13 211.240.0.0/12 218.36.0.0/14 218.144.0.0/12 218.232.0.0/15 218.234.18.0/24 219.240.0.0/15 219.248.0.0/13 219.250.88.0/21 220.72.0.0/13 220.80.0.0/13 220.95.88.0/24 220.118.0.0/16 220.119.0.0/16 221.128.0.0/12 221.144.0.0/12 221.160.0.0/13 221.168.0.0/16 221.163.46.0/24 222.96.0.0/12 222.112.0.0/13 222.120.0.0/15 222.122.0.0/16 222.231.0.0/18 222.232.0.0/13
    # Yahoo-Korea (provides free email services used by some spammers)
    deny from 123.0.0.0/20
    # Neighboring Asian countries:
    # Malaysia
    deny from 60.48.0.0/14 60.52.0.0/15 60.54.0.0/16 112.137.160.0/20 115.132.0.0/14 116.206.0.0/16 120.140.0.0/15 124.82.0.0/16 124.217.224.0/19 202.58.80.0/20 202.71.96.0/20 202.75.32.0/19 203.223.128.0/19 210.187.49.0/25 218.111.0.0/16 218.208.12.64/27
    ## END ASIAN BLACKLIST
    ## BEGIN EUROPEAN BLACKLIST
    # Russia, Ukraine, Bulgaria, Czech Republic, Romania, Latvia, Estonia, Kazakstan, Moldavia/Moldova, Poland, Serbia, Siberia, Slovakia, Slovenia
    deny from 62.16.96.0/19 62.64.64.0/18 62.69.0.0/19 62.76.126.0/24 62.85.0.0/17 62.133.128.0/19 62.141.64.0/18 62.168.224.0/19 62.182.104.0/21 62.213.64.0/18 62.233.142.0/26 70.85.189.224/29 77.37.128.0/17 77.41.0.0/17 77.43.128.0/17 77.45.128.0/17 77.51.0.0/18 77.51.64.0/18 77.75.8.0/21 77.79.244.0/22 77.87.152.0/21 77.88.0.0/18 77.91.224.0/21 77.94.124.0/22 77.120.0.0/14 77.221.128.0/19 77.222.128.0/19 77.233.160.0/19 77.234.0.0/19 77.234.192.0/19 77.244.208.0/20 78.26.128.0/18 78.36.0.0/15 78.85.0.0/16 78.96.0.0/15 78.106.0.0/15 78.108.176.0/20 78.109.16.0/20 78.110.48.0/20 78.110.160.0/20 78.129.128.0/17 78.157.128.0/19 79.98.208.0/21 79.99.216.0/21 79.111.0.0/16 79.120.0.0/17 79.126.0.0/18 79.136.128.0/17 79.139.128.0/17 79.140.64.0/20 79.140.160.0/20 80.48.0.0/13 80.71.240.0/20 80.73.64.0/21 80.77.80.0/24 80.82.160.0/20 80.85.176.0/20 80.86.96.0/19 80.86.240.0/21 80.91.160.0/19 80.93.48.0/21 80.233.128.0/17 80.235.0.0/17 81.5.96.0/20 81.9.0.0/20 81.16.80.0/20 81.19.64.0/19 81.21.0.0/20 81.30.176.0/20 81.88.208.0/20 81.89.112.0/20 81.90.224.0/20 81.94.32.0/20 81.95.144.0/20 81.176.0.0/15 81.181.16.0/22 81.195.0.0/16 81.196.0.0/16 81.200.0.0/20 81.222.128.0/20 82.76.0.0/14 82.103.64.0/18 82.114.224.0/19 82.138.6.128/25 82.138.32.0/19 82.140.64.0/18 82.144.192.0/19 82.146.56.0/21 82.151.112.0/21 82.160.203.0/24 82.179.0.0/16 82.199.96.0/19 82.204.128.0/17 83.19.145.232/29 83.102.128.0/17 83.148.64.0/18 83.166.192.0/19 83.167.96.0/19 83.170.192.0/18 83.174.192.0/18 83.219.129.0/24 83.222.0.0/19 83.222.160.0/19 83.222.192.0/19 83.229.128.0/17 83.237.0.0/16 84.17.0.0/19 84.21.64.0/19 84.51.64.0/19 84.253.64.0/18 85.14.35.0/24 85.21.0.0/16 85.29.192.0/18 85.90.192.0/19 85.93.32.0/19 85.93.128.0/19 85.94.0.0/19 85.94.32.0/19 85.112.112.0/20 85.113.128.0/19 85.121.180.0/23 85.140.0.0/15 85.142.0.0/15 85.192.60.0/23 85.204.24.0/23 85.207.0.0/16 85.249.0.0/16 85.255.0.0/20 85.255.112.0/20 86.34.0.0/16 86.35.0.0/21 86.35.128.0/17 86.55.120.0/22 86.57.128.0/17 86.125.88.0/21 86.127.19.0/24 87.99.64.0/19 87.103.192.0/20 87.103.208.0/20 87.110.0.0/16 87.117.0.0/18 87.118.128.0/18 87.119.224.0/19 87.120.16.0/20 87.204.0.0/15 87.226.0.0/17 87.242.116.0/23 87.248.160.0/19 87.251.128.0/19 87.253.192.0/19 88.81.248.0/21 88.147.128.0/17 88.200.128.0/17 88.201.128.0/17 88.205.128.0/17 88.212.192.0/18 89.20.128.0/19 89.21.128.0/19 89.28.0.0/17 89.32.152.0/21 89.33.72.0/21 89.35.64.0/21 89.37.144.0/21 89.38.112.0/20 89.38.128.0/21 89.41.176.0/20 89.44.142.0/23 89.104.64.0/19 89.106.96.0/19 89.108.64.0/19 89.108.120.0/22 89.109.0.0/18 89.110.0.0/18 89.110.64.0/18 89.111.160.0/20 89.111.176.0/20 89.113.72.0/21 89.114.54.0/23 89.121.128.0/17 89.122.0.0/16 89.123.0.0/16 89.136.0.0/15 89.149.0.0/17 89.165.128.0/17 89.175.0.0/16 89.178.0.0/15 89.186.0.0/19 89.187.48.0/23 89.187.128.0/19 89.190.224.0/19 89.208.160.0/19 89.212.64.0/18 89.218.0.0/16 89.222.128.0/17 89.223.0.0/17 89.239.128.0/18 89.251.96.0/20 89.253.0.0/18 90.150.112.0/20 90.150.128.0/20 90.151.128.0/20 90.156.128.0/17 90.176.0.0/13 91.76.0.0/14 91.122.0.0/16 91.123.0.0/19 91.124.0.0/16 91.135.192.0/22 91.143.160.0/20 91.149.157.0/24 91.149.180.0/24 91.189.80.0/21 91.189.128.0/21 91.191.64.0/18 91.192.68.0/22 91.193.140.0/22 91.194.10.0/23 91.197.128.0/22 91.200.228.0/22 91.200.232.0/22 91.203.4.0/22 91.203.92.0/22 91.205.124.0/22 91.206.200.0/23 91.206.226.0/23 91.207.4.0/22 91.207.60.0/23 91.208.228.0/24 91.211.64.0/22 91.211.68.0/22 91.212.41.0/24 91.212.65.0/24 91.212.198.0/24 91.212.226.0/24 91.213.33.0/24 91.213.121.0/24 92.36.0.0/17 92.46.0.0/15 92.48.126.128/25 92.48.201.0/26 92.50.128.0/18 92.53.104.0/22 92.80.0.0/14 92.82.0.0/16 92.83.0.0/16 92.84.0.0/16 92.112.0.0/15 92.114.128.0/17 92.124.0.0/14 92.241.160.0/19 92.244.224.0/19 92.255.0.0/16 93.80.0.0/15 93.84.0.0/15 93.86.0.0/15 93.92.32.0/21 93.99.0.0/16 93.113.27.0/24 93.120.128.0/18 93.159.0.0/18 94.25.0.0/17 94.26.0.0/17 94.50.0.0/15 94.73.192.0/18 94.79.0.0/18 94.100.181.128/25 94.103.80.0/20 94.176.96.0/24 94.178.0.0/15 94.188.0.0/17 94.189.128.0/17 94.229.65.160/27 94.230.0.0/20 94.247.0.0/21 95.24.0.0/13 95.52.0.0/14 95.64.128.0/17 95.108.128.0/17 95.132.0.0/14 95.168.160.0/19 95.188.0.0/14 141.85.0.0/16 158.197.0.0/16 160.99.0.0/16 188.24.0.0/14 188.120.32.0/20 188.131.0.0/17 192.129.3.0/24 193.19.244.0/22 193.25.112.0/23 193.37.138.0/24 193.37.156.0/23 193.39.113.0/24 193.47.166.0/24 193.77.64.0/18 193.108.38.0/23 193.108.248.0/22 193.178.144.0/22 193.178.228.0/23 193.200.50.0/23 193.223.101.0/24 193.227.226.0/23 193.230.232.0/24 193.238.128.0/22 194.0.88.0/22 194.29.60.0/22 194.44.36.0/24 194.85.88.0/21 194.85.128.0/19 194.102.114.0/24 194.114.144.0/22 194.160.0.0/16 194.176.176.0/24 194.181.0.0/16 194.186.0.0/16 194.187.108.0/22 195.2.96.0/19 195.2.240.0/23 195.2.252.0/23 195.3.148.0/22 195.5.116.0/23 195.28.32.0/19 195.34.224.0/19 195.42.160.0/19 195.60.174.0/23 195.88.32.0/23 195.93.218.0/23 195.93.218.0/24 195.95.218.0/23 195.95.228.0/23 195.112.96.0/19 195.116.0.0/16 195.128.16.0/22 195.128.48.0/21 195.131.0.0/16 195.137.200.0/23 195.138.64.0/19 195.138.198.0/24 195.170.192.0/19 195.189.246.0/23 195.190.13.0/24 195.208.0.0/15 195.209.32.0/19 195.209.224.0/19 195.216.243.0/24 195.225.64.0/22 195.225.176.0/22 195.239.0.0/16 195.242.98.0/23 195.242.232.0/22 195.244.128.128/25 195.245.112.0/23 195.245.208.0/24 204.9.184.0/21 212.1.224.0/19 212.9.224.0/19 212.24.32.0/19 212.33.224.0/19 212.44.64.0/20 212.44.80.0/22 212.44.128.0/19 212.58.192.0/19 212.92.128.0/18 212.96.160.0/19 212.118.32.0/19 212.158.160.0/20 213.25.0.0/16 213.35.224.0/23 213.91.128.0/17 213.140.96.0/19 213.141.128.0/19 213.142.192.0/19 213.154.192.0/19 213.156.192.0/24 213.170.64.0/19 213.186.192.0/19 213.215.64.0/18 213.233.101.0/24 213.242.12.0/22 213.248.0.0/18 217.12.112.0/20 217.12.240.0/20 217.16.16.0/20 217.18.240.0/20 217.20.160.0/20 217.23.128.0/19 217.27.144.0/20 217.28.208.0/21 217.65.208.0/20 217.67.16.0/20 217.77.208.0/20 217.106.0.0/15 217.114.224.0/20 217.146.240.0/20 217.147.0.0/19 217.149.240.0/20 217.173.64.0/20 217.174.96.0/20 217.197.240.0/20
    # Turkey: web hosts and Turk Telekom customers - scammers, spammers, phishing websites and server script exploiters:
    deny from 77.79.64.0/18 78.160.0.0/11 79.135.160.0/19 81.213.0.0/16 81.214.0.0/16 81.215.0.0/16 82.222.0.0/16 84.51.0.0/18 85.96.0.0/12 88.226.0.0/16 88.229.0.0/16 88.231.0.0/16 88.232.0.0/16 88.233.0.0/16 88.234.0.0/16 88.238.0.0/16 88.239.0.0/17 88.241.128.0/17 88.243.0.0/17 88.245.0.0/16 88.247.128.0/17 88.248.0.0/13 89.106.0.0/19 89.113.72.0/21 92.63.0.0/20 93.187.200.0/21 94.78.64.0/18 160.75.0.0/16 188.3.0.0/16 194.27.48.0/23 195.155.0.0/16 195.174.0.0/15 195.175.0.0/17 212.15.0.0/19 212.95.40.0/23 212.174.113.0/24 212.175.0.0/16
    # German ISPs used by hackers and spammers including 1&1internet DE and Schlund & Partners
    deny from 77.176.0.0/12 85.214.0.0/16
    ## END EUROPEAN BLACKLIST
    # Add other blocked domain names or IP addresses here, starting with "deny from " without quotes
    # blacklist of various individual DDOS IPs 1-15-2010
    deny from 172.158.3.2 200.3.181.76 187.152.160.92 141.223.129.69 190.59.118.54
    #deny from 120.60.0.0/19 95.56.59.0/19 61.6.202.0/19 218.186.8.0/19 195.229.235.0/19 218.186.8.0/19 195.229.235.0/19 195.229.235.0/19 209.94.196.0/19 192.100.176.0/19 61.0.0.0/19 115.0.0.0/19 78.0.0.0/19 80.0.0.0/19 116.0.0.0/19 188.0.0.0/19 217.0.0.0/19 196.0.0.0/19 118.0.0.0/19 86.0.0.0/19 63.0.0.0/19 93.0.0.0/19 210.0.0.0/19 94.0.0.0/19 124.0.0.0/19 58.0.0.0/19 92.0.0.0/19 77.0.0.0/19 203.0.0.0/.255 85.0.0.0/19 41.0.0.0/19 88.0.0.0/19 220.0.0.0/19 202.0.0.0/19 60.0.0.0/19 141.223.129.0/19 122.0.0.0/19 190.59.118.0/19 119.0.0.0/19 186.0.0.0/19 110.0.0.0/19 187.152.160.0/19 200.3.181.0/19 83.0.0.0/19 87.0.0.0/19 201.0.0.0/19 189.0.0.0/19 168.243.0.0/19 140.109.0.0/19 125.0.0.0/19 121.0.0.0/19 117.0.0.0/19 114.0.0.0/19 59.0.0.0/19 
    # If you find that you need to poke a hole in the blocklist, for legitimate visitors, follow this example: allow from 123.456.789.0
    # Real life example: Some forums have legitimate DSL customers in Mauritius, which is blocked by 196.0.0.0/9, in my blocklist.
    # To allow 8192 of these folks in Mauritius, just add the following directive:
    allow from 196.27.64.0/19
    # Add "allow from" IP addresses, or CIDR Ranges, AFTER all of the "deny from" items, just before the closing Files tag.
    #Overseas employee1 example
    allow from 213.108.47.0/19
    #Overseas employee2 example
    allow from 112.198.193.0/19
    # Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.
     
    # This prevents web browsers or spiders from seeing your .htaccess directives:
     
    deny from all
     
    # End of .htaccess file
    Note: add the code above into a .htaccess file and upload it to your root directory /public_html/

    Source: http://joshua-mcclure.com/linux-ddos...with-htaccess/
    l0calh0st Reviewed by l0calh0st on . Block most DDoS using htaccess file! Hey, I found this on the net and wanted to share this with you all: Lately, it seems DDOS attacks have become a more popular way for a tech savvy customer or competitor to attempt a bit of revenge. I?ve consulted on several emergency projects within the past month in which a client?s server ? web sites creating sales of over $100,000 per day ? were brought down for hours or days due to a DDOS attacks that are easily mitigated with the proper techniques. Distributed denial of service or Rating: 5

    Defendos BETA3 Released! Thread - Official Website

  2.   Sponsored Links

  3.     
    #2
    Member
    This will surely be useful, thanks mate.

  4.     
    #3
    Banned
    Website's:
    TehHost.net
    good info

    Thanks buddy

  5.     
    #4
    Member
    I don't think you know what you are talking about. You can't mitigate a DDoS attack with that.
    KnownSRV.com - Quality comes at a price, and we provide it at affordable prices.
    PayPal, Skrill(MoneyBookers), Payza(AlertPay), 2CheckOut and LibertyReserve accepted!

  6.     
    #5
    Banned
    Website's:
    KWWHunction.com
    I agree with Krun!x

    DDoS attacks usually Target the servers shared IP address if the person knows what they are doing,

  7.     
    #6
    It begins...
    This thread fails, l0cal. A DDoS attack is usually on the server level. Your webserver is neither involved, nor can it do anything to mitigate it. If you're going to mitigate a DDoS attack, you need to drop packets originating from the abusing IP addresses.

  8.     
    #7
    Member
    unfortunately i haven't botnet to test this

  9.     
    #8
    Member
    useful list, thank you

  10.     
    #9
    Member
    Website's:
    MSAHost.net MegaDizajn.info URLFor.us
    Quote Originally Posted by l0calh0st View Post
    500 Internal Server Error
    It seems the source tried his tutorial


    "Better to remain silent and be thought a fool than to speak out and remove all doubt"
    - A. Lincoln

  11.     
    #10
    Member
    Well seems like the code has many allow ip address specially.
    DO i have to change this.

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Block DoS/DDoS attacks using IPTables in SSH
    By DXS in forum Tutorials and Guides
    Replies: 21
    Last Post: 27th May 2012, 03:20 PM
  2. Block ddos ip ? iptables dont works ?
    By devNULL in forum Technical and Security Tutorials
    Replies: 0
    Last Post: 3rd Apr 2012, 08:27 AM
  3. Ultimate htaccess Blacklist For Bad Bots (ddos)
    By shahpar in forum Technical and Security Tutorials
    Replies: 7
    Last Post: 26th Dec 2011, 12:42 AM
  4. Howto Block common DDOS Attacks
    By robert420 in forum Tutorials and Guides
    Replies: 0
    Last Post: 14th Oct 2010, 06:34 PM
  5. Block Copyright Authorities Via .HTaccess
    By Fatal in forum Webmaster Discussion
    Replies: 5
    Last Post: 4th Sep 2010, 08:51 PM

Tags for this Thread

BE SOCIAL